This year i have attended quite a few sessions about cyber security, and noticed a recurring medical analogy about practicing good “cyber security hygiene”. I get the gist of the cyber security hygiene point but was intrigued by the origins and history behind it. Here is what i found:

Washing Your Hands Saves Lives:

To cut a long story short, in the 1840s Dr. Semmelweis observed 2 maternity clinics at the Vienna General Hospital. One was run by doctors and medical students, and the other by midwives. The clinic run by doctors and medical students had a death rate almost 5 times higher than the clinic run by the midwives.

Dr. Semmelweis was unable to explain the disparity until he learned of the death of his close friend. His friend, a doctor, had been pricked by a students scalpel during an autopsy (conducted only by medical students and doctors) and suffered the same symptoms as the mothers at the maternity clinic run by doctors and medical students.

This led Dr. Semmelweis to conclude that the cadaverous particles (harmful bacteria from corpses) that the doctors and medical students were being exposed to, during autopsies, were being transferred (by the very same doctors and students) to new mothers during childbirth and resulting in their unfortunate deaths.

So, Dr. Semmelweis implemented a policy of mandatory hand washing (and instrument cleaning) using a chlorinated lime solution (to get rid of the bad smell). The results were instant. In the first three months the death rate fell from 1 in 10, to 1 in 100.

A Bit of Common Sense:

You’d think that the simple action of washing your hands and the dramatic impact it has on saving lives would present a compelling argument. But it didn’t, Dr. Semmelweis was met with a lot of resistance.

The main reason was because the suggestion that doctors were in fact the very reason for the deaths of their own patients

Also, the way in which Dr. Semmelweis conveyed his message to the medical community resulted in a lot of opposition

Over time the practice of hand washing gained universal acceptance in the medical community. But as we all know from time to time, even today we still unfortunately hear about viruses at hospitals that arise due to bad hygiene. Reasons why hand washing still does not always happen include:

Being too busy

The hand washing solution is not being topped up and runs out

The hand washing facility is located in a inconvenient place

Forgetting!

Cyber Security Hygiene: Small and Simple Changes have BIG Impacts

Fast forward to today and cyber-security and all of the above sounds all too familiar, eh?

“My medical friends tell me that it is possible to drastically reduce deadly hospital infections if doctors wash their hands for two minutes before operating. And yet only half of them do. These are doctors, they know the facts, real people are dying, and still they don’t comply”.